Remove Super-Admin role, bugfix if user enters buggy SQL injection on search field

2024-11-27 19:29:03 +01:00
parent b74da2dc3b
commit 947ed225b6
5 changed files with 13 additions and 21 deletions


@@ -4,29 +4,19 @@
"id": 0, "id": 0,
"name": "Unregistered", "name": "Unregistered",
"privilegeBuy": false, "privilegeBuy": false,
"privilegeAdminPanel": false, "privilegeAdminPanel": false
"privilegeFileAccess": false
}, },
{ {
"id": 1, "id": 1,
"name": "User", "name": "User",
"privilegeBuy": true, "privilegeBuy": true,
"privilegeAdminPanel": false, "privilegeAdminPanel": false
"privilegeFileAccess": false
}, },
{ {
"id": 2, "id": 2,
"name": "Admin", "name": "Admin",
"privilegeBuy": true, "privilegeBuy": true,
"privilegeAdminPanel": true, "privilegeAdminPanel": true
"privilegeFileAccess": false
},
{
"id": 3,
"name": "Super-Admin",
"privilegeBuy": true,
"privilegeAdminPanel": true,
"privilegeFileAccess": true
} }
] ]
} }


@@ -19,7 +19,7 @@
"iban": "DE92500105175721645777" "iban": "DE92500105175721645777"
} }
], ],
"accountRoleId": 2 "accountRoleId": 1
}, },
{ {
"username": "katjaStoiber", "username": "katjaStoiber",
@@ -94,7 +94,7 @@
"iban": "DE41500105172184936679" "iban": "DE41500105172184936679"
} }
], ],
"accountRoleId": 3 "accountRoleId": 2
}, },
{ {
"username": "guitarhero", "username": "guitarhero",


@@ -137,10 +137,13 @@ band.get("/search", async (req: Request, res: Response) => {
// On stacked prompts, execute last prompt // On stacked prompts, execute last prompt
if (prompts.length > 1) { if (prompts.length > 1) {
const [results, metadata] = try {
await sequelize.query(prompts[prompts.length - 2]) const [results, metadata] =
await sequelize.query(prompts[prompts.length - 2])
res.status(200).json(results) res.status(200).json(results)
} catch (e) {
res.status(400).send()
}
} else { } else {
Band.findAll({ Band.findAll({
where: { where: {
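Review bot: The added `catch (e)` around `sequelize.query(prompts[prompts.length - 2])` drops the error and answers with a bare 400, so a failing statement on `/search` leaves nothing in the server log to detect or triage; I would log it before replying, e.g. `console.error("band search: raw query failed", e)`. The statement handed to `sequelize.query` looks request-derived and, given the commit title, this is presumably the deliberately injectable path of the exercise; if so, say it in a comment such as `// Deliberately vulnerable for the training exercise - do not copy` and run it under a database account limited to what the exercise needs. The existing comment says the last prompt is executed while the index is `length - 2`, which deserves a word of explanation. The handler's `else` branch continues outside the hunk.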


@@ -91,7 +91,7 @@ export const useAccountStore = defineStore("accountStore", {
this.privilegeBuy = true this.privilegeBuy = true
this.adminPanelVisible = response.data.accountRole.privilegeAdminPanel this.adminPanelVisible = response.data.accountRole.privilegeAdminPanel
if (response.data.accountRoleId == 3) { if (response.data.accountRoleId == 2) {
exerciseStore.solveExercise(2, 5) exerciseStore.solveExercise(2, 5)
} }
}) })
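Review bot: The check `response.data.accountRoleId == 2` hard-codes a role id that this same commit had to renumber after the role list changed, so the client logic is coupled to the numbering of the role data. A named constant (`const ADMIN_ROLE_ID = 2`) or the privilege flag already read on the line above, `if (response.data.accountRole.privilegeAdminPanel) {`, would survive the next change to the roles; whether the flag matches the exercise's intent should be confirmed. The enclosing store action starts and ends outside the hunk.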


@@ -119,7 +119,6 @@ export const useBasketStore = defineStore('basketStore', {
for (let item of this.itemsInBasket) { for (let item of this.itemsInBasket) {
if (!item.concert.offered) { if (!item.concert.offered) {
exerciseStore.solveExercise(1, 2) exerciseStore.solveExercise(1, 2)
feedbackStore.addSnackbar(BannerStateEnum.EXERCISESOLVED12)
} }
} }